Welcome to the first Patch Tuesday of the new decade! Already, we have some interesting controversy. The NSA has reported a vulnerability to Microsoft that allows for cryptographic spoofing of both local and remote certificates. This vulnerability has not been exploited in the wild, but it was discussed and teased by Krebs on Security leading up to this Patch Tuesday.
In total, 49 bugs were fixed this Patch Tuesday.
CryptoAPI
This bug is considered as bad as it gets, allowing a threat actor to fake file signatures and launch man-in-the-middle attacks on encrypted HTTPS communications. An attacker exploiting this vulnerability would be able to remotely execute code that the user believes is safely signed by a trusted source, or intercept protected information online. Microsoft rates this vulnerability as Important, and likely to be exploited. The NSA claims that the vulnerability is critical, and that remote exploit software will be easy to produce and made widely available in the near future. Administrators should patch their systems immediately, as there is no known mitigation for this vulnerability.
Windows Remote Desktop Gateway
While the NSA’s bug has taken the spotlight, that does not mean it is the only serious bug this month. Two flaws in Windows RDP could allow a remote user without credentials to take over a vulnerable host server by initiating an RDP connection with maliciously crafted packets, requiring no interaction from the user. Microsoft rates these vulnerabilities as Critical.
Internet Explorer
Microsoft’s first browser, Internet Explorer, got the usual touchup treatment for Patch Tuesday. The browser had a memory corruption vulnerability that, if exploited, would allow a remote attacker to execute arbitrary code within the context of the current user. The attacker would have to lure a vulnerable victim to a maliciously crafted site, or a site with malicious content displayed on it. Microsoft rates this vulnerability as Critical.
Microsoft Excel
Microsoft Excel is vulnerable to a remote code execution bug that executes code in the security context of the current user. As usual, exercising the principle of least privilege is the best way to protect yourself from vulnerabilities of this type. Microsoft rates this vulnerability as Critical.